Internet Voting, totally owned

Alex Halderman and his students have surpassed themselves in a pilot that was organized by the U.S. District of Columbia. Officials there had set up a system for voters abroad to vote over the internet. But before they went live they allowed people to hack the system, so they could proudly show that the system was secure. To make extra sure nobody would get in, they announced this only three days in advance.

The system was so completely owned that I would spoil the fun by telling you exactly what happened. Alex is just so much better at it:

The article on Freedom to tinker has more details if you want to get into the nitty-gritty.

You would think they’d forget about internet voting and maybe come back in 10 years time. But the Board of Elections there seems to think that this is just a minor glitch.

But Paul Stenbjorn, the board’s director of information services, said there were no plans to abandon the project. “The lesson learned is not to be more timid, but more aggressive about solving the problem,” he responded.

“The computer science community needs to understand that this toothpaste is already out of the tube, and no volume of warnings can put it back,” he said.

Mr. Epstein said that computer voting has been tried in Estonia and in some recent primaries in America, but added that the ballots had not been anonymous. Currently, several West Virginia counties are participating in a pilot project to use online voting next month for Americans overseas and in the military.

I say we take off and nuke the entire site from orbit. It’s the only way to be sure.